Discover Security Trends News
Malicious libraries in package repositories reveal a fundamental security flaw
The proliferation of malicious packages in repositories for software developers that rely on typosquatting points to a problem: A reliance on flat namespaces.
The PyPI package manager for Python developers contains malicious packages, researchers at security firm ReversingLabs found, according to a Wednesday blog post. The actual packages discovered are uninteresting—four packages by a developer named ruri12, one of which is libpeshnx, a package that attempts to download a file from a C2 server, save it in a user's home directory, and make it persist as a background process.
It's theorized to be a development version of libpeshka, which was discovered by a researcher named Bertus, and reported by ZDNet's Catalin Cimpnau last October. The C2 server was already offline by that point, making the whole package toothless, though for its toothlessness, not appreciably less concerning.
The link for this article located at TechRepublic is no longer available.